Feature #3357: How to revoke OSD for good? - devops - Ceph

Actions

Copy link

Feature #3357

closed

How to revoke OSD for good?

Added by Anonymous over 11 years ago. Updated almost 6 years ago.

Status:

Rejected

Priority:

Low

Assignee:

Category:

Target version:

% Done:

Source:

Tags:

Backport:

Reviewed:

Affected Versions:

Pull request ID:

Description

Use case: As an admin, a machine I had running 8 OSDs was compromised. The attacker got hold of all the secrets the OSDs had at the time, and the bootstrap-osd key. The machine is taken offline, the disk imaged and reinstalled. The original vulnerability has been fixed. How do I prevent further access to my data?

- need to remove the compromised OSD keys from mons
- need to rotate bootstrap-osd key, distribute new key
- shared OSD service key rotation should have happened by now already

As a bonus round, what if client.admin key got compromised too?

History
Property changes

Actions

Copy link

Updated by Sage Weil almost 6 years ago

Status changed from New to Rejected

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » devops

Custom queries

Feature #3357

How to revoke OSD for good?

Updated by Sage Weil almost 6 years ago